Safari Automatically Executes Shell Scripts When ‘Open “Safe” Files’ Pref Is On

Heise Online:

Problems ensue if a shell script is stored into a ZIP archive without the so-called shebang line. If this line is omitted, Safari no longer recognizes the content as potentially dangerous and executes shell commands without a confirmation prompt.

Yet another Safari security problem caused by the dangerous “Open ‘safe’ files after downloading” preference switch. Turn this off and you’re safe from this exploit.
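A defender-side check for the archive shape Heise describes, as an added example that is not from Heise or this post: it lists ZIP members that carry a Unix execute bit and look like text but do not start with a shebang line. Treating "no NUL bytes in the first 512 bytes" as text, relying on the execute bit, and the function and sample file names are all assumptions made for this sketch.

```python
import io
import stat
import zipfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def looks_like_text(head: bytes) -> bool:
    """Assumed heuristic: non-empty and free of NUL bytes."""
    return bool(head) and b"\x00" not in head


def shebangless_executables(zip_bytes: bytes, sniff: int = 512) -> list:
    """Names of members that are executable text not starting with '#!'."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Upper 16 bits hold the Unix mode when the archiver stored it.
            mode = info.external_attr >> 16
            if not mode & EXEC_BITS:
                continue
            with zf.open(info) as fh:
                head = fh.read(sniff)
            if looks_like_text(head) and not head.startswith(b"#!"):
                flagged.append(info.filename)
    return flagged


def build_sample() -> bytes:
    """Constructed sample archive with harmless contents, for the demo only."""
    members = [
        ("run_me", 0o755, b"echo constructed sample\n"),               # flagged
        ("install.sh", 0o755, b"#!/bin/sh\necho constructed sample\n"),  # has shebang
        ("notes.txt", 0o644, b"plain text, not executable\n"),          # no exec bit
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, body in members:
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, body)
    return buf.getvalue()


if __name__ == "__main__":
    print(shebangless_executables(build_sample()))
```

A hit means the member deserves a manual look before anything opens it; it is not proof of malice, and archives written without Unix mode bits will not be flagged.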

(Via John Siracusa via AIM.)

Tuesday, 21 February 2006